Hospital Shares Lessons from “Hacktivist” Cyberattack

Factors that helped a children's hospital respond to and weather a cybersecurity attack included planning, staff training, a multidisciplinary team, and help from the Internet service provider and other third-party partners, states a perspective piece in the July 31, 2014, New England Journal of Medicine. The author is a physician and the chief information officer of a children's hospital that was targeted by cyberattackers in connection with a child custody case (see the April 30, 2014, HRC Alerts). A large part of the planning involved creating an inventory of "all clinical, research, and business processes and systems that depend on Internet connectivity" and contingency plans for each. Although most planning focuses on loss of all network or application access, the attack did not make applications totally unavailable; instead, it took down only certain functionalities. For example, physicians could create and print prescriptions but not send them to pharmacies electronically.